[libselinux/f17] Add assert to avc calls to make sure avc_init has been called.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Mar 1 21:00:09 UTC 2012


commit 0f82e5f63ff52571760dc4541485696e707de4de
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Mar 1 16:00:07 2012 -0500

    Add assert to avc calls to make sure avc_init has been called.

 libselinux-rhat.patch |   49 +++++++++++++++++++++++++++++++++++++++++++++++--
 libselinux.spec       |    5 ++++-
 2 files changed, 51 insertions(+), 3 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index e7f90a3..bb864d1 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -343,10 +343,46 @@ index 1bf3599..f621de7 100644
  			return 1;
  		}
 diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
-index e7ad31d..21c09f7 100644
+index e7ad31d..6ff83a7 100644
 --- a/libselinux/src/avc.c
 +++ b/libselinux/src/avc.c
-@@ -819,6 +819,7 @@ int avc_has_perm(security_id_t ssid, security_id_t tsid,
+@@ -9,6 +9,7 @@
+  */
+ #include <selinux/avc.h>
+ #include "selinux_internal.h"
++#include <assert.h>
+ #include "avc_sidtab.h"
+ #include "avc_internal.h"
+ 
+@@ -69,6 +70,9 @@ static inline int avc_hash(security_id_t ssid,
+ int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid)
+ {
+ 	int rc;
++	/* avc_init needs to be called before this function */
++	assert(avc_running);
++
+ 	avc_get_lock(avc_lock);
+ 	rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid);
+ 	avc_release_lock(avc_lock);
+@@ -249,6 +253,8 @@ void avc_cache_stats(struct avc_cache_stats *p)
+ 
+ void avc_sid_stats(void)
+ {
++	/* avc_init needs to be called before this function */
++	assert(avc_running);
+ 	avc_get_lock(avc_log_lock);
+ 	avc_get_lock(avc_lock);
+ 	sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE);
+@@ -548,6 +554,8 @@ void avc_destroy(void)
+ 	struct avc_callback_node *c;
+ 	struct avc_node *node, *tmp;
+ 	int i;
++	/* avc_init needs to be called before this function */
++	assert(avc_running);
+ 
+ 	avc_get_lock(avc_lock);
+ 
+@@ -819,6 +827,7 @@ int avc_has_perm(security_id_t ssid, security_id_t tsid,
  	errsave = errno;
  	avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
  	errno = errsave;
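Review bot: The `assert(avc_running)` added to avc_context_to_sid_raw, avc_sid_stats and avc_destroy (and to avc_compute_member in the next hunk) is not a dependable precondition check: it compiles to nothing when the library is built with NDEBUG, and when active it aborts the whole calling process instead of reporting an error. For a shared library, aborting the caller on API misuse is an availability problem, while an NDEBUG build silently keeps the original uninitialised-state path. In avc_context_to_sid_raw, which returns int, I would use `if (!avc_running) { errno = EINVAL; return -1; }` (assuming the usual -1/errno convention applies here), and in the two void functions `if (!avc_running) return;`. avc_running is also read before avc_get_lock(); whether that is safe depends on how avc_init sets it, which is not visible here. All three function bodies continue outside the hunk.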
@@ -354,6 +390,15 @@ index e7ad31d..21c09f7 100644
  	return rc;
  }
  
+@@ -878,6 +887,8 @@ int avc_compute_member(security_id_t ssid,  security_id_t tsid,
+ 	int rc;
+ 	security_context_t ctx = NULL;
+ 	*newsid = NULL;
++	/* avc_init needs to be called before this function */
++	assert(avc_running);
+ 	avc_get_lock(avc_lock);
+ 
+ 	rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx);
 diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
 index be4c0a3..a07aa7f 100644
 --- a/libselinux/src/avc_internal.c
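Review bot: In avc_compute_member the new check sits after `*newsid = NULL;`, so the function has already written through the caller's output pointer before it detects that the AVC was never initialised. The precondition test should be the first statement after the declarations, i.e. moved above `*newsid = NULL;`. Whether callers rely on `*newsid` being NULL on failure is not visible here, so if the check becomes an error return, that store may need to stay ahead of it. The function body continues outside the hunk.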
diff --git a/libselinux.spec b/libselinux.spec
index bcb91ee..2b7b552 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -8,7 +8,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.9
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -233,6 +233,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Thu Mar 1 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.9-10
+- Add assert to avc calls to make sure avc_init has been called.
+
 * Thu Feb 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.9-9
 - Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists
 - Otherwise search for policy on disk

